[pve-devel] [PATCH v1 manager 4/5] change 'root at pam' checks with 'SuperUser' capability check
Dominik Csapak
d.csapak at proxmox.com
Fri Feb 25 11:13:15 CET 2022
On 2/10/22 16:29, Fabian Grünbichler wrote:
>> me.items.push({
>> xtype: 'pveACMEClusterView',
>> title: 'ACME',
>> diff --git a/www/manager6/dc/UserView.js b/www/manager6/dc/UserView.js
>> index bbfc4f7c..fe0c0149 100644
>> --- a/www/manager6/dc/UserView.js
>> +++ b/www/manager6/dc/UserView.js
>> @@ -29,7 +29,7 @@ Ext.define('PVE.dc.UserView', {
>> selModel: sm,
>> baseurl: '/access/users/',
>> dangerous: true,
>> - enableFn: rec => caps.access['User.Modify'] && rec.data.userid !== 'root at pam',
>> + enableFn: rec => caps.access['User.Modify'] && !caps.access.SuperUser,
> no rationale given for the different way of accessing - I'll leave it to
> more JS affine reviewers to decide whether this is sensible or not, but
> please provide the reason WHY this doesn't use `caps.access['SuperUser']`
just to give the reason:
eslint complains if we use foo['bar'] when we could use foo.bar
we prefer 'dot-notation' (so foo.bar.baz) for objects, but in
all other cases of the caps object that does not work because
the keys themselves contain a '.'
>
> also, it's wrong - a SuperUser still requires User.Modify to modify
> users, so this either needs to stay as it is or simply drop the root at pam
> shortcut.
>
More information about the pve-devel
mailing list